Cryptography
Concept · Chapter 11
What It Is
Section titled “What It Is”- The study and practice of keeping information secret.
- Supports confidentiality, integrity, and non-repudiation, enabling secure communication. Two core tools: encryption and cryptographic hash functions.
Encryption
Section titled “Encryption”- Transforms plaintext into unreadable ciphertext using an algorithm + key; larger keys mean stronger but slower encryption.
- Reversible: decryption recovers the original value. Use encryption (not hashing) when the decrypted value must be recovered — e.g. sending a secure message the recipient must read.
- The algorithm pair is called a cipher. Two types:
| Type | Also called | Keys | Notes |
|---|---|---|---|
| Symmetric | Secret key | One shared key for both operations | Faster; drawback: both parties must hold the secret key |
| Asymmetric | Public key | Public key (shareable) + private key (secret) | Either key encrypts, the opposite decrypts; slower |
Cryptographic Hash Functions
Section titled “Cryptographic Hash Functions”- A hash function maps any-size input to a fixed-size output (the hash / message digest / digest). e.g. SHA-256 always yields a 256-bit (32-byte) value.
- Not reversible — unlike encryption. Prefer hashing over encryption when the original value never needs recovering.
- General uses: file-equality comparison, checksums, finding similar records, hash tables, Bloom filters.
- A cryptographic hash function guarantees properties that make it secure (used for digital signatures, HTTPS certificates, SSL/TLS, SSH). Non-cryptographic hashes are faster but weaker.
Properties of a cryptographic hash function
Section titled “Properties of a cryptographic hash function”- Quick — fast to compute, or dependent processes degrade.
- Deterministic — same input always yields the same hash (lets you compare hashes without knowing the input).
- One-way — infeasible (impractical, not literally impossible) to recover a message from its hash without brute force.
- Collision resistant — infeasible to find two inputs with the same hash. MD5 and SHA-1 have known collisions and must not be used for cryptography.
- Avalanche effect — a tiny input change produces a wildly different, uncorrelated hash.
Related
Section titled “Related”- Hash properties underpin correct password storage in IAM (salted hashing).
- Encryption in transit/at rest mitigates sensitive data exposure.
Citations
Section titled “Citations”- Software Architect’s Handbook (Packt, 2018), Ch.11 “Cryptography”, pp. 868-873.